Commit Graph

190 Commits

Author SHA1 Message Date
Nick Mathewson
190c1d4981 Merge branch 'bug7013_take2_squashed' 2012-11-27 22:18:16 -05:00
George Kadianakis
f88c303869 Add a torrc option to specify the bind address of managed proxies. 2012-11-27 22:18:08 -05:00
Nick Mathewson
61d740ed01 Add manual page entries for new IPv6-exits options 2012-11-14 23:35:13 -05:00
Karsten Loesing
c03e3d66a9 Minor tweaks and comments to nils' geoip v6 code. 2012-10-17 10:54:52 +02:00
nils
abb886014e Add GeoIP database for IPv6 addresses 2012-10-17 10:54:52 +02:00
Linus Nordberg
1cbf45bed1 Make option OutboundBindAddress accept IPv6 addresses too.
Implements ticket 6786.
2012-09-20 17:09:25 +02:00
Nick Mathewson
f612a9eb1b Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-19 08:26:07 -04:00
Nick Mathewson
b9c86948e4 Clarify that hidden services are TCP only
Also remove some trailing whitespace.

Patch from maker; fixes bug 6024.
2012-09-19 08:19:21 -04:00
Roger Dingledine
9ab3b332ae Merge branch 'maint-0.2.3' 2012-09-14 02:41:13 -04:00
Robert Ransom
909691f1ae Fix man page typo 2012-09-13 23:25:03 -07:00
Roger Dingledine
e1e34ee4e4 raise bandwidthrate/bandwidthburst to a new "infinite"
addresses bug 6605.
2012-09-10 03:03:06 -04:00
Roger Dingledine
6f82ae44cb Merge branch 'maint-0.2.3' 2012-09-05 16:41:43 -04:00
Roger Dingledine
97dbff51e6 Update the minimum bandwidth for a public relay
The current cutoff is 30KB, but in reality a useful cutoff is probably
more like 50KB or 100KB.
2012-09-05 16:40:57 -04:00
Nick Mathewson
116c8409ba Merge remote-tracking branch 'linus/bug6770_3'
Conflicts:
	doc/tor.1.txt
	src/or/config.c
2012-09-05 11:35:26 -04:00
Linus Nordberg
f7c97cd40b Remove AuthDirPublishIPv6 and let AuthDirHasIPv6Connectivity fill its function.
See #4771 for rationale.

Note that this patch does not take suggested changes in #4470 into
account and keeps treating AuthDirHasIPv6Connectivity as an
AUTOBOOL. Thus, bug fixes for that are included here as well.

This is a fix on master, unreleased as of now.
2012-09-05 13:35:39 +02:00
Linus Nordberg
0e53742a85 Make AuthDirHasIPv6Connectivity a BOOL.
This is a fix of unreleased tor. It solves ticket #6770.
2012-09-05 12:47:01 +02:00
Roger Dingledine
67065c3c06 minor typos i found while constructing the changelog 2012-09-05 04:46:27 -04:00
Linus Nordberg
e04e1a2e7d Clients connect to public relays over IPv6.
Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.

Use "preferred OR port" for all entry nodes, not only for bridges.

Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.

Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.

Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.

Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)

Implements ticket 5535.
2012-09-04 12:57:21 -04:00
Nick Mathewson
48a6816eb5 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-31 18:39:27 -04:00
Nick Mathewson
b17bb543da Merge branch 'bug6732' into maint-0.2.3 2012-08-31 18:39:11 -04:00
Nick Mathewson
774979ca45 Document consensus and microdesc files
Bugfix for #6732.
2012-08-31 11:35:47 -04:00
Nick Mathewson
0c5a44ed0a Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:16:27 -04:00
Nick Mathewson
b7c172c9ec Disable extending to private/internal addresses by default
This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.
2012-08-27 11:19:29 -04:00
Nick Mathewson
0867479e3e Add some attributes to make a2x quieter 2012-08-23 13:19:54 -04:00
Nick Mathewson
e6d61ee594 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-31 10:18:05 -04:00
Nick Mathewson
d9bd0de062 Fix some manpage typos
This is based on a pair of patches from A. Costa. I couldn't apply
those directly, since they changed the generated *roff files, not
the asciidoc source.

Fixes Tor bug 6500 and Debian bug 683359.
2012-07-31 10:16:03 -04:00
Linus Nordberg
fff842a47c Add config option AuthDirPublishIPv6.
Test for config option AuthDirPublishIPv6 == 1 rather than for running
as a bridge authority when deciding whether to care or not about IPv6
OR ports in descriptors.

Implements enhancement #6406.
2012-07-19 17:51:15 -04:00
Linus Nordberg
044da1bf0f Add configure option AuthDirHasIPv6Connectivity.
Implements enhancement 5974.
2012-07-19 18:21:22 +02:00
Nick Mathewson
9ad5b25930 Improve Alternate*Authority docs. Bug 6387. 2012-07-16 11:21:20 -04:00
Nick Mathewson
f5e86bcd6c Document 0.2.3.x torrc/default-torrc/command line semantics changes
Bug 4748

squash! Document 0.2.3.x torrc/default-torrc/command line semantics changes

Incorporates fixes suggested by rransom.
2012-06-18 12:01:27 -04:00
Roger Dingledine
427d4dd148 fix typos, logic error, default in man page 2012-06-15 03:25:27 -04:00
Mike Perry
8d59690033 Defend against entry node path bias attacks
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.

If the failure rate exceeds a certain amount, a notice is emitted.

If it exceeds a greater amount, a warn is emitted and the guard is disabled.

These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
2012-06-14 13:19:56 -07:00
Nick Mathewson
75706527c1 Document --hush; fix documentation for --quiet. 2012-06-14 14:58:51 -04:00
Nick Mathewson
70910479e3 Merge remote-tracking branch 'public/bug5598'
Conflicts:
	doc/tor.1.txt

Conflict was on a formatting issue in the manpage.
2012-06-11 10:26:48 -04:00
Nick Mathewson
2d127eacd9 List defaults consistently in manpage
Nearly everywhere, we end options with "(Default: foo)".  But in a
few places, we inserted an extra period after or before the close
parenthesis, and in a few other places we said "(Defaults to foo)".
Let's not do that.
2012-06-11 09:52:43 -04:00
Nick Mathewson
b74f851861 Correct the defaults for the *Statistics options 2012-06-07 13:46:51 -04:00
Nick Mathewson
8a341cc429 Change the default for DynamicDHGroups to 0
This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.

We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088).  Before we can do so, we need a fix for bugs #6087 and

Resolves ticket #5598 for now.
2012-06-06 12:00:04 -04:00
Roger Dingledine
f4db3e2631 clarify that LongLivedPorts is for hidden services too 2012-06-03 21:07:34 -04:00
Nick Mathewson
f00a8b4307 Another dirport/orport correction; this one from "cypherpunks" 2012-05-16 15:45:20 -04:00
Nick Mathewson
400c7ce2b6 Document that the ORPort flags apply to DirPort too. (thanks, Roger.) 2012-05-16 15:07:54 -04:00
Nick Mathewson
3c7c51ce07 5597: document new ORPort options 2012-05-16 14:54:16 -04:00
Nick Mathewson
dfbe779a45 Clarify SessionGroup documentation. Bug 5437. 2012-05-16 14:43:11 -04:00
Nick Mathewson
82ce43a706 Merge remote-tracking branch 'public/bug3964' 2012-05-16 11:33:52 -04:00
Nick Mathewson
1150b6b43e Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-15 11:23:06 -04:00
Nick Mathewson
8e07798284 Clarify MaxCircuitDirtiness behavior with hidden services. Bug 5259. 2012-05-15 11:22:06 -04:00
Nick Mathewson
dc60b5d6a7 Improve our documentation for the NT Service command line options
We explain the --options option, document --nt-service as an
internal-use-only thing (which it is), fix a URL, and generally
improve the prose.
2012-04-11 13:10:35 -04:00
Nick Mathewson
77e51224fa Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
Closes ticket 4572.
2012-04-11 10:59:11 -04:00
Daniel 'koolfy' Faucon
42143979d8 Add a warning about settign a bridge in MyFamily 2012-04-02 18:16:14 -04:00
Roger Dingledine
c7cbd06d5f Merge branch 'maint-0.2.2'
Conflicts:
	src/or/config.c
2012-04-01 16:03:16 -04:00
Roger Dingledine
40ab832c4e BridgePassword was never for debugging
It is for the not-yet-implemented bridge community design.
2012-04-01 15:59:00 -04:00